Sonatype uncovers further malicious PyPI and npm packages

Sonatype continues to uncover a significant number of malicious packages within the PyPI and npm software registries.

Among the flagged packages were several Python packages published on PyPI, masquerading as legitimate libraries named after the popular npm "colors" library.

The malicious packages, including names such as "broke-rcl," "brokescolors," and "trexcolors," exclusively targeted the Windows operating system. Once installed, these packages would initiate the...

Google releases Flutter 3.7 and teases future improvements

Google held its Flutter Forward event this week where it announced version 3.7 of the framework and teased future improvements.

Flutter started life as a framework for developing Android and iOS apps. Over the years, it’s expanded to help developers build apps for not just mobile, but also desktop, web, and more, all from a single Dart codebase.

Google says Flutter has attracted five million developers and over 700,000 apps have been created using it. Based on GitHub...

GitHub is ending Sponsors payments via PayPal

GitHub has announced that it’s ending the ability for Sponsors to make payments via PayPal.

In a statement, GitHub wrote:

“Starting on February 23, 2023, GitHub Sponsors will no longer support PayPal as a payments processor. As such, it will no longer be possible to sponsor individuals or organizations using PayPal.

If you are sponsoring anyone on GitHub using PayPal, please update your GitHub payment method to pay by credit or debit...

Linux Foundation launches Open Metaverse Foundation

The nonprofit Linux Foundation has launched the Open Metaverse Foundation (OMF) to promote an open metaverse.

Current participating organisations of the OMF include the Cloud Native Computing Foundation, Futurewei, GenXP, Hyperledger Foundation, LF AI, LF Edge & Networking, Open Voice Network, Open Wallet, and Veriken.

When discussing the metaverse, it’s important to consider the history of the web.

The original vision for the web was a decentralised...

OpenWallet aims to support Web3 wallet development

The Linux Foundation has announced OpenWallet, an initiative to support the development of Web3 digital wallets.

“We are convinced that digital wallets will play a critical role for digital societies,” said Jim Zemlin, Executive Director of the Linux Foundation.

“Open software is the key to interoperability and security. We are delighted to host the OpenWallet Foundation and excited for its potential.”

OpenWallet aims to develop a secure and...

Introducing OpenTDF: Open source, accessible security for developers

At Virtru, we believe that the ability to securely share data is essential — and that privacy is a human right that must be protected. It’s a mission we have stuck by since we started in 2011, and one that sees us supporting over 7,000 organisations worldwide to protect their most valuable asset, their data, with Zero-Trust security and powerful, granular policy controls that tie identity to data, everywhere it moves.

Now, Virtru is giving developers a new way to build security...

‘Protestware’ emerges amid Russia-Ukraine crisis

Some open-source developers are using their projects to target users in Russia after the country’s invasion of Ukraine.

The invasion of Ukraine has been almost universally condemned internationally. The actions of Russian forces are being investigated for numerous war crimes and the targeting of civilians in areas like Mariupol has equated to genocide.

State-controlled media and harsh penalties for protests mean that a large number of Russians believe the Kremlin’s narrative...

GitHub incentivises open-source investments with sponsor-only repos

GitHub is launching private repositories that only sponsors have access to, helping to incentivise open-source investments.

Open-source mostly relies on developers voluntarily giving up their time to build and improve projects. Priority is naturally given to work that helps to keep a roof over their heads and food on the table—meaning that open-source projects can be underdeveloped at best or be left with devastating vulnerabilities at worst.

A growing number of...

Open-source can play a critical role in tackling the UK’s developer shortage

It is no secret that developers have never been more in demand. According to a recent analysis, the shortage of “programmers and software development professionals” only ranks behind HGV drivers and nurses as the occupation where worker shortages are most acute in the UK.

The sheer pace of digital transformation across every industry means the demand for developer talent continues to outstrip supply at a rapid rate – and the situation shows no sign of abating. Just about...

Library deliberately corrupted by its developer relaunches as community project

A popular library that was deliberately corrupted by its own developer has been relaunched as a community-driven project.

Last week, Developer reported that users of open-source projects depending on the ‘colors’ and ‘faker’ libraries by Marak Squires were confronted with their applications indefinitely printing gibberish messages on their console—rendering them useless.

Squires corrupted his own libraries, seemingly in retaliation for others using them for...